haxcms-php

CVEs (1)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2026-48527	@haxtheweb @haxtheweb/haxcms Nodejs	Hig	0.57	8.7	—		May 29, 2026	HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting (XSS) vulnerability in the `/system/api/saveNode` endpoint. An authenticated user with a permission to edit pages can bypass the…

CVE-2026-48527HigMay 29, 2026
@haxtheweb
@haxtheweb/haxcms Nodejs
risk 0.57cvss 8.7epss —
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting (XSS) vulnerability in the `/system/api/saveNode` endpoint. An authenticated user with a permission to edit pages can bypass the…